<?
//i : id
//c : code : filename

defined('SITE_BASE_DIR') || define('SITE_BASE_DIR', realpath(dirname(__FILE__)));
include SITE_BASE_DIR."/config/config.php";
include SITE_BASE_DIR."/config/init.php";
$arrCode = explode('-',$_REQUEST["c"]);
if (isset($_REQUEST["i"]) && intval($_REQUEST["i"])>0 && isset($_REQUEST["c"]) && intval($arrCode[0])>0 && intval($arrCode[1])>0 && strlen($_REQUEST["c"]) > 15) {
    $sqlCheck = "SELECT * FROM document WHERE id=".intval($_REQUEST["i"])." AND filename LIKE '%".mysql_real_escape_string($_REQUEST["c"])."%'";
    $rs = $db->query_first($sqlCheck);
    if($rs) {
        $db->query("UPDATE document SET download_count=download_count+1 WHERE id=".intval($_REQUEST["i"]));
        $file=SITE_UPLOAD_DIR.$rs['filename'];
        if(file_exists($file)) {
            header("Content-type: application/force-download");
            header("Content-Transfer-Encoding: Binary");
            header("Content-length: ".filesize($file));
            header("Content-disposition: attachment; filename=\"".'GTC-'.$rs['realname']."\"");
            readfile("$file");
            die;
        }else{
            echo 'File dose not exist!';die;
        }
    }
}else {
    die;
}
?>